Endor Labs today added a set of artificial intelligence (AI) agents to its platform, specifically trained to identify security defects in applications and suggest remediations. Fresh off raising an additional $93 million in funding, Endor Labs founder and CEO Varun Badhwar said going beyond simply identifying vulnerabilities in code, these AI agents are trained to […]
Veracode Extends Scope and Reach of DevSecOps Portfolio
Veracode today updated its risk management tool to provide integration with Kubernetes runtime environments, increased integration with code repositories to make it simpler to identify the origin of vulnerabilities and, available shortly, an ability to add tags and classifications to help streamline remediation efforts.
AI-Generated Code Packages Can Lead to ‘Slopsquatting’ Threat
AI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative AI has accelerated over the past two years. They’re also an issue for developers using AI-based tools when building code, including generating names of packages […]
Report: Commercial Software Just as Vulnerable as Open Source
An analysis published by ReversingLabs, a provider of tools for securing application development environments, suggests that commercial software used in software supply chains is just as vulnerable as open-source code.
Report: Bulk of Application Vulnerabilities Don’t Require Immediate Attention
An analysis of more than 101 million application security alerts conducted by OX Security, a provider of an application security posture management (ASPM) platform, finds only 2% to 5% require immediate action, with more than 95% considered informational.
Demystifying Code-to-Cloud Security
Code-to-cloud security is considered the future of application security, as it helps lower expenses, prevents data breaches and ensures compliance infringement, thereby protecting an organization’s reputation.
Securing the Future: DevSecOps in the Age of Artificial Intelligence
Why DevSecOps is a critical discipline in the AI era, the benefits and challenges of integrating AI into DevSecOps pipelines and why it provides a framework for successfully adopting these emerging technologies.
The DevOps Bottleneck: Why IaC Orchestration is the Missing Piece
If you work in DevOps, you’ve heard it a thousand times: “Do more with less.” More automation, more security, more reliability—but with the same (or fewer) people. Meanwhile, your development teams keep growing, pushing out new features at breakneck speed. Yet somehow, the infrastructure team is supposed to scale magically to keep up. Let’s be […]
JFrog Survey Surfaces Limited DevSecOps Gains
A global survey of 1,402 application developers, cybersecurity and IT operations professionals finds 71% work for organizations that, despite any potential vulnerabilities, still allow developers to download packages directly from the internet.
Pulumi Extends Security Reach to Include Managing Secrets and Policy-as-Code
Pulumi today extended the reach of its Environments, Secrets and Configurations (ESC) platform for managing infrastructure-as-code (IaC) into the realm of DevSecOps by adding the ability to manage secrets and implement policies.
- « Previous Page
- 1
- …
- 5
- 6
- 7
- 8
- 9
- …
- 113
- Next Page »